Report - 1fe743a4cb9712.lhr.life/

Report Overview

Submitted URL
1fe743a4cb9712.lhr.life/
IP
3.234.18.192
ASN
#14618 AMAZON-AES
Submitted
2024-05-08 12:51:00
Access
public
Website Title
Selfie Filter | Feel your beauty
Final URL
1fe743a4cb9712.lhr.life/index.html.php
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
14

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17	2024-05-06	440 B	502 kB	104.17.24.14
www.webrtc-experiment.com	109629	2013-07-02	2013-12-02	2024-03-04	1.7 kB	54 kB	185.199.108.153
webrtc.github.io	92383	2013-03-08	2015-02-12	2024-03-22	424 B	29 kB	185.199.108.153
wybiral.github.io	unknown	2013-03-08	2017-10-24	2024-02-20	438 B	1.5 kB	185.199.108.153
1fe743a4cb9712.lhr.life	unknown	unknown	No data	No data	3.2 kB	28 kB	3.234.18.192
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-05-07	457 B	1.6 kB	142.250.74.106
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-05-08	544 B	17 kB	216.58.207.227

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-08	medium	lhr.life	Sinkholed
2024-05-08	medium	lhr.life	Sinkholed
2024-05-08	medium	lhr.life	Sinkholed
2024-05-08	medium	lhr.life	Sinkholed
2024-05-08	medium	lhr.life	Sinkholed
2024-05-08	medium	lhr.life	Sinkholed
2024-05-08	medium	lhr.life	Sinkholed

ThreatFox

No alerts detected

JavaScript (9)

	URL	Size	First Seen	Last Seen
	www.webrtc-experiment.com/RecordRTC.js	194 kB	2023-03-07	2024-05-08
Pretty URL www.webrtc-experiment.com/RecordRTC.js IP 185.199.108.153 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:07:05 Last Seen2024-05-08 14:51:08 Times Seen13 Hash d50c9fdacd4f5489ae7ca7cb40c17a64 7c0516372f989bd6dc5a3ef62254cf649d24ce36 08d112030ce1a1d941742995e2c43dbc8bc3d3c2259ea692ea875df9c3146c56 Loading...

	www.webrtc-experiment.com/gif-recorder.js	7.3 kB	2023-05-23	2024-05-08
Pretty URL www.webrtc-experiment.com/gif-recorder.js IP 185.199.108.153 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-23 22:33:57 Last Seen2024-05-08 14:51:08 Times Seen6 Hash 720f9d24c9e1987d42c18b29db90c4f9 b7a29854a2b00bdeb3190676b3724de0c5a3f926 e62771b272705e26e00fd40964f66505bd2dcb340b9efeef225a04d66c2a5820 Loading...

	www.webrtc-experiment.com/DetectRTC.js	40 kB	2023-05-23	2024-05-08
Pretty URL www.webrtc-experiment.com/DetectRTC.js IP 185.199.108.153 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-23 22:33:57 Last Seen2024-05-08 14:51:08 Times Seen8 Hash 7480dcbc49f5ba1f6a9d860d5911c0b7 c4d0de5254d166f394bf8b8a4d8d67a7a4100adf 52f03d0d735b0b376225b3fc225a28fc06533d5c7930a0dcbaa985ac72a1498e Loading...

	1fe743a4cb9712.lhr.life/script.js	536 B	2023-05-23	2024-05-08
Pretty URL 1fe743a4cb9712.lhr.life/script.js IP 3.234.18.192 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-23 22:33:57 Last Seen2024-05-08 14:51:08 Times Seen5 Hash 31d5b400499b076e66aea30a62bccfcd c4339a3ef7f03be84261ae897569f752644a47cc f39e64933bcbea6a3117322ffed6d64f7838461308c2b950b9119be1c25168f3 Loading...

	1fe743a4cb9712.lhr.life/recorder.js	8.5 kB	2024-05-08	2024-05-08
Pretty URL 1fe743a4cb9712.lhr.life/recorder.js IP 3.234.18.192 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-08 14:51:07 Last Seen2024-05-08 14:51:08 Times Seen1 Hash cb1747e16378c0bee065f4808398e801 4f0d20a616748daa714262bc871da6e26135881e 34233a1568a4438d3748dc803b780916ee6ee295b4dbf8df8fb78489c22a339e Loading...

	wybiral.github.io/code-art/projects/tiny-mirror/index.js	1.9 kB	2023-03-10	2024-05-16
Pretty URL wybiral.github.io/code-art/projects/tiny-mirror/index.js IP 185.199.108.153 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 01:55:10 Last Seen2024-05-16 09:23:00 Times Seen131 Hash 65d5f2a4fd176eacfcbb17cca28a654a 489c65ce544c992668cfbece78168097bb47c5d9 00b54caaaf994fd569c596cff89e2e4e16efbba4f9d00148214f314d2aff73b9 Loading...

	www.webrtc-experiment.com/getScreenId.js	7.0 kB	2023-05-23	2024-05-08
Pretty URL www.webrtc-experiment.com/getScreenId.js IP 185.199.108.153 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-23 22:33:57 Last Seen2024-05-08 14:51:08 Times Seen6 Hash c98152a25e930efa79151527ce4b2055 7438679e67f6c6cb5c4dc1eec42ac2642f4d0beb ab81bae198cbed9f0f5cc892e92f499ab4eab93fa245c36ff789183874b36dfc Loading...

	webrtc.github.io/adapter/adapter-latest.js	132 kB	2024-05-02	2024-05-19
Pretty URL webrtc.github.io/adapter/adapter-latest.js IP 185.199.108.153 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-02 07:42:48 Last Seen2024-05-19 22:47:11 Times Seen6 Hash 53746fa5e4acbdf06fe3eea53794a969 7834550a54a6a04001bb0b3ea36582d5ed1063f8 a89e28bb427371961bd33fb4f781b5d6d4010073ae6203f91b6a934f262fcc3c Loading...

	cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.1/js/all.min.js	1.7 MB	2023-03-07	2024-05-17
Pretty URL cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.1/js/all.min.js IP 104.17.24.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:59:07 Last Seen2024-05-17 08:45:29 Times Seen190 Hash 735c741071f8d6c8ce8b5d50efe5516a 1b67e9bb36ae7104676591491c69c9b767777ab9 8735c609d465ac29d79bd284e7f08bfe7777de77c4743ca96bb55284d041a785 Loading...

HTTP Transactions (16)

URL IP Response Size

cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.1/js/all.min.js

104.17.24.14

200 OK

501 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.1/js/all.min.js
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1fe743a4cb9712.lhr.life/index.html.php
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65317)
Size
501 kB (501024 bytes)
Hash
735c741071f8d6c8ce8b5d50efe5516a
1b67e9bb36ae7104676591491c69c9b767777ab9
8735c609d465ac29d79bd284e7f08bfe7777de77c4743ca96bb55284d041a785

HTTP Headers

GET /ajax/libs/font-awesome/6.1.1/js/all.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://1fe743a4cb9712.lhr.life
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 08 May 2024 12:50:37 GMT
content-type: application/javascript; charset=utf-8
content-length: 501024
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "623a082a-7a520"
last-modified: Tue, 22 Mar 2022 17:32:26 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 572405
expires: Mon, 28 Apr 2025 12:50:37 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dR5pe7j0xi2UhEAkCH9dx1y8fo7XtT51SLSU1QJXmJX%2F0grRaoficezMA%2Fp00izAyA8frKg6j2sq3hfRZ7713OrxseVrF4fMJ7mvzEKY8yAKoBdp7jflOj9AsaM%2F5agz7bnhPY8C"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 880993978f97b4f1-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

www.webrtc-experiment.com/DetectRTC.js

185.199.108.153

200 OK

8.2 kB

URL GET HTTP/2
www.webrtc-experiment.com/DetectRTC.js
IP
185.199.108.153:443
ASN
#54113 FASTLY

Requested by
https://1fe743a4cb9712.lhr.life/index.html.php
Certificate
IssuerLet's Encrypt
Subjectwww.webrtc-experiment.com
FingerprintC4:28:60:27:09:07:58:92:76:32:BF:C3:5F:17:0F:49:ED:59:C9:E3
ValidityTue, 12 Mar 2024 04:12:56 GMT - Mon, 10 Jun 2024 04:12:55 GMT

File type
JavaScript source, ASCII text
Size
8.2 kB (8157 bytes)
Hash
7480dcbc49f5ba1f6a9d860d5911c0b7
c4d0de5254d166f394bf8b8a4d8d67a7a4100adf
52f03d0d735b0b376225b3fc225a28fc06533d5c7930a0dcbaa985ac72a1498e

HTTP Headers

GET /DetectRTC.js HTTP/1.1
Host: www.webrtc-experiment.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1fe743a4cb9712.lhr.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: GitHub.com
content-type: application/javascript; charset=utf-8
last-modified: Sun, 26 Nov 2023 13:52:09 GMT
access-control-allow-origin: *
etag: W/"65634d89-9d7e"
expires: Wed, 08 May 2024 04:55:51 GMT
cache-control: max-age=600
content-encoding: gzip
x-proxy-cache: MISS
x-github-request-id: 4834:358315:55D96D7:5836AD7:663B037E
accept-ranges: bytes
date: Wed, 08 May 2024 12:50:37 GMT
via: 1.1 varnish
age: 414
x-served-by: cache-hel1410026-HEL
x-cache: HIT
x-cache-hits: 21
x-timer: S1715172638.514026,VS0,VE0
vary: Accept-Encoding
x-fastly-request-id: 745388cb073ec8a39cb6b21b02f4cdb72ee54530
content-length: 8157
X-Firefox-Spdy: h2

webrtc.github.io/adapter/adapter-latest.js

185.199.108.153

200 OK

28 kB

URL GET HTTP/2
webrtc.github.io/adapter/adapter-latest.js
IP
185.199.108.153:443
ASN
#54113 FASTLY

Requested by
https://1fe743a4cb9712.lhr.life/index.html.php
Certificate
IssuerDigiCert Inc
Subject*.github.io
Fingerprint97:D8:C5:70:0F:12:24:6C:88:BC:FA:06:7E:8C:A7:4D:A8:62:67:28
ValidityFri, 15 Mar 2024 00:00:00 GMT - Fri, 14 Mar 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (864)
Size
28 kB (27847 bytes)
Hash
53746fa5e4acbdf06fe3eea53794a969
7834550a54a6a04001bb0b3ea36582d5ed1063f8
a89e28bb427371961bd33fb4f781b5d6d4010073ae6203f91b6a934f262fcc3c

HTTP Headers

GET /adapter/adapter-latest.js HTTP/1.1
Host: webrtc.github.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1fe743a4cb9712.lhr.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: GitHub.com
content-type: application/javascript; charset=utf-8
permissions-policy: interest-cohort=()
x-origin-cache: HIT
last-modified: Fri, 29 Mar 2024 13:25:19 GMT
access-control-allow-origin: *
etag: W/"6606c13f-2027b"
expires: Fri, 03 May 2024 13:32:44 GMT
cache-control: max-age=600
content-encoding: gzip
x-proxy-cache: HIT
x-github-request-id: 70D2:3020E6:2A98509:2BBB204:6634E525
accept-ranges: bytes
date: Wed, 08 May 2024 12:50:37 GMT
via: 1.1 varnish
age: 573
x-served-by: cache-hel1410027-HEL
x-cache: HIT
x-cache-hits: 10
x-timer: S1715172638.521744,VS0,VE0
vary: Accept-Encoding
x-fastly-request-id: 400b4ba4e0e2d651d746083348fd10e2d449f135
content-length: 27847
X-Firefox-Spdy: h2

www.webrtc-experiment.com/RecordRTC.js

185.199.108.153

200 OK

38 kB

URL GET HTTP/2
www.webrtc-experiment.com/RecordRTC.js
IP
185.199.108.153:443
ASN
#54113 FASTLY

Requested by
https://1fe743a4cb9712.lhr.life/index.html.php
Certificate
IssuerLet's Encrypt
Subjectwww.webrtc-experiment.com
FingerprintC4:28:60:27:09:07:58:92:76:32:BF:C3:5F:17:0F:49:ED:59:C9:E3
ValidityTue, 12 Mar 2024 04:12:56 GMT - Mon, 10 Jun 2024 04:12:55 GMT

File type
JavaScript source, ASCII text
Size
38 kB (37725 bytes)
Hash
d50c9fdacd4f5489ae7ca7cb40c17a64
7c0516372f989bd6dc5a3ef62254cf649d24ce36
08d112030ce1a1d941742995e2c43dbc8bc3d3c2259ea692ea875df9c3146c56

HTTP Headers

GET /RecordRTC.js HTTP/1.1
Host: www.webrtc-experiment.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1fe743a4cb9712.lhr.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: GitHub.com
content-type: application/javascript; charset=utf-8
x-origin-cache: HIT
last-modified: Sun, 26 Nov 2023 13:52:09 GMT
access-control-allow-origin: *
etag: W/"65634d89-2f712"
expires: Wed, 08 May 2024 04:17:28 GMT
cache-control: max-age=600
content-encoding: gzip
x-proxy-cache: MISS
x-github-request-id: 5380:2A16A1:2D27C1D:2E69451:663AFA7F
accept-ranges: bytes
age: 189
date: Wed, 08 May 2024 12:50:37 GMT
via: 1.1 varnish
x-served-by: cache-hel1410026-HEL
x-cache: HIT
x-cache-hits: 0
x-timer: S1715172638.540341,VS0,VE1
vary: Accept-Encoding
x-fastly-request-id: d5463108685adea85ee10cb072fbbd294aee2d66
content-length: 37725
X-Firefox-Spdy: h2

wybiral.github.io/code-art/projects/tiny-mirror/index.js

185.199.108.153

200 OK

742 B

URL GET HTTP/2
wybiral.github.io/code-art/projects/tiny-mirror/index.js
IP
185.199.108.153:443
ASN
#54113 FASTLY

Requested by
https://1fe743a4cb9712.lhr.life/index.html.php
Certificate
IssuerDigiCert Inc
Subject*.github.io
Fingerprint97:D8:C5:70:0F:12:24:6C:88:BC:FA:06:7E:8C:A7:4D:A8:62:67:28
ValidityFri, 15 Mar 2024 00:00:00 GMT - Fri, 14 Mar 2025 23:59:59 GMT

File type
ASCII text
Size
742 B (742 bytes)
Hash
65d5f2a4fd176eacfcbb17cca28a654a
489c65ce544c992668cfbece78168097bb47c5d9
00b54caaaf994fd569c596cff89e2e4e16efbba4f9d00148214f314d2aff73b9

HTTP Headers

GET /code-art/projects/tiny-mirror/index.js HTTP/1.1
Host: wybiral.github.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1fe743a4cb9712.lhr.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: GitHub.com
content-type: application/javascript; charset=utf-8
permissions-policy: interest-cohort=()
last-modified: Fri, 26 Apr 2019 04:57:12 GMT
access-control-allow-origin: *
etag: W/"5cc28fa8-740"
expires: Wed, 08 May 2024 12:16:23 GMT
cache-control: max-age=600
content-encoding: gzip
x-proxy-cache: HIT
x-github-request-id: 2272:35DF7B:55EC68F:58491F3:663B6AE1
accept-ranges: bytes
age: 0
date: Wed, 08 May 2024 12:50:37 GMT
via: 1.1 varnish
x-served-by: cache-hel1410031-HEL
x-cache: HIT
x-cache-hits: 0
x-timer: S1715172638.528119,VS0,VE121
vary: Accept-Encoding
x-fastly-request-id: c7465be5b042c1bca99864757dc9b5b328360318
content-length: 742
X-Firefox-Spdy: h2

www.webrtc-experiment.com/gif-recorder.js

185.199.108.153

200 OK

3.5 kB

URL GET HTTP/2
www.webrtc-experiment.com/gif-recorder.js
IP
185.199.108.153:443
ASN
#54113 FASTLY

Requested by
https://1fe743a4cb9712.lhr.life/index.html.php
Certificate
IssuerLet's Encrypt
Subjectwww.webrtc-experiment.com
FingerprintC4:28:60:27:09:07:58:92:76:32:BF:C3:5F:17:0F:49:ED:59:C9:E3
ValidityTue, 12 Mar 2024 04:12:56 GMT - Mon, 10 Jun 2024 04:12:55 GMT

File type
ASCII text, with very long lines (6974)
Size
3.5 kB (3474 bytes)
Hash
720f9d24c9e1987d42c18b29db90c4f9
b7a29854a2b00bdeb3190676b3724de0c5a3f926
e62771b272705e26e00fd40964f66505bd2dcb340b9efeef225a04d66c2a5820

HTTP Headers

GET /gif-recorder.js HTTP/1.1
Host: www.webrtc-experiment.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1fe743a4cb9712.lhr.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: GitHub.com
content-type: application/javascript; charset=utf-8
last-modified: Sun, 26 Nov 2023 13:52:10 GMT
access-control-allow-origin: *
etag: W/"65634d8a-1c7f"
expires: Wed, 08 May 2024 12:37:11 GMT
cache-control: max-age=600
content-encoding: gzip
x-proxy-cache: MISS
x-github-request-id: 118E:172F30:223F3D3:23176A3:663B6F9F
accept-ranges: bytes
age: 0
date: Wed, 08 May 2024 12:50:37 GMT
via: 1.1 varnish
x-served-by: cache-hel1410026-HEL
x-cache: HIT
x-cache-hits: 0
x-timer: S1715172638.512429,VS0,VE127
vary: Accept-Encoding
x-fastly-request-id: 423c764f8a2ca653e63cfd46ab0fc9741a165bb4
content-length: 3474
X-Firefox-Spdy: h2

www.webrtc-experiment.com/getScreenId.js

185.199.108.153

200 OK

1.6 kB

URL GET HTTP/2
www.webrtc-experiment.com/getScreenId.js
IP
185.199.108.153:443
ASN
#54113 FASTLY

Requested by
https://1fe743a4cb9712.lhr.life/index.html.php
Certificate
IssuerLet's Encrypt
Subjectwww.webrtc-experiment.com
FingerprintC4:28:60:27:09:07:58:92:76:32:BF:C3:5F:17:0F:49:ED:59:C9:E3
ValidityTue, 12 Mar 2024 04:12:56 GMT - Mon, 10 Jun 2024 04:12:55 GMT

File type
JavaScript source, ASCII text
Size
1.6 kB (1602 bytes)
Hash
c98152a25e930efa79151527ce4b2055
7438679e67f6c6cb5c4dc1eec42ac2642f4d0beb
ab81bae198cbed9f0f5cc892e92f499ab4eab93fa245c36ff789183874b36dfc

HTTP Headers

GET /getScreenId.js HTTP/1.1
Host: www.webrtc-experiment.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1fe743a4cb9712.lhr.life/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: GitHub.com
content-type: application/javascript; charset=utf-8
x-origin-cache: HIT
last-modified: Sun, 26 Nov 2023 13:52:10 GMT
access-control-allow-origin: *
etag: W/"65634d8a-1b2d"
expires: Wed, 08 May 2024 12:37:11 GMT
cache-control: max-age=600
content-encoding: gzip
x-proxy-cache: MISS
x-github-request-id: A6C8:313486:2541A94:262232D:663B6F9E
accept-ranges: bytes
age: 0
date: Wed, 08 May 2024 12:50:37 GMT
via: 1.1 varnish
x-served-by: cache-hel1410026-HEL
x-cache: HIT
x-cache-hits: 0
x-timer: S1715172638.538809,VS0,VE123
vary: Accept-Encoding
x-fastly-request-id: fc074ab2faf2ed1826b2817acb644ad816af5407
content-length: 1602
X-Firefox-Spdy: h2

1fe743a4cb9712.lhr.life/index.html.php

3.234.18.192

200 OK

12 kB

URL User Request GET HTTP/1.1
1fe743a4cb9712.lhr.life/index.html.php
IP
3.234.18.192:443
ASN
#14618 AMAZON-AES

Certificate
IssuerAmazon
Subjectlocalhost.run
FingerprintF1:75:EC:7E:A1:B7:8D:4D:AD:2E:95:4D:CE:91:BD:17:48:9C:30:3E
ValidityWed, 30 Aug 2023 00:00:00 GMT - Fri, 27 Sep 2024 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (8534)
Size
12 kB (12115 bytes)
Hash
1dca101033444c9660d44ef1d77b4b03
8b5e54652a7a496fa8b32f1928c188942029e5a1
f0b269ef39553d5adbc121c572e3fc02ef55fd3a99276240720b3bfafe3fa6e0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index.html.php HTTP/1.1
Host: 1fe743a4cb9712.lhr.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Host: 1fe743a4cb9712.lhr.life
Date: Wed, 08 May 2024 12:50:33 GMT
Connection: close
X-Powered-By: PHP/8.3.6
Content-type: text/html; charset=UTF-8

1fe743a4cb9712.lhr.life/script.js

3.234.18.192

200 OK

536 B

URL GET HTTP/1.1
1fe743a4cb9712.lhr.life/script.js
IP
3.234.18.192:443
ASN
#14618 AMAZON-AES

Requested by
https://1fe743a4cb9712.lhr.life/index.html.php
Certificate
IssuerAmazon
Subjectlocalhost.run
FingerprintF1:75:EC:7E:A1:B7:8D:4D:AD:2E:95:4D:CE:91:BD:17:48:9C:30:3E
ValidityWed, 30 Aug 2023 00:00:00 GMT - Fri, 27 Sep 2024 23:59:59 GMT

File type
JavaScript source, ASCII text
Size
536 B (536 bytes)
Hash
31d5b400499b076e66aea30a62bccfcd
c4339a3ef7f03be84261ae897569f752644a47cc
f39e64933bcbea6a3117322ffed6d64f7838461308c2b950b9119be1c25168f3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /script.js HTTP/1.1
Host: 1fe743a4cb9712.lhr.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1fe743a4cb9712.lhr.life/index.html.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Host: 1fe743a4cb9712.lhr.life
Date: Wed, 08 May 2024 12:50:35 GMT
Connection: close
Content-Type: application/javascript
Content-Length: 536

1fe743a4cb9712.lhr.life/styles.css

3.234.18.192

200 OK

1.7 kB

URL GET HTTP/1.1
1fe743a4cb9712.lhr.life/styles.css
IP
3.234.18.192:443
ASN
#14618 AMAZON-AES

Requested by
https://1fe743a4cb9712.lhr.life/index.html.php
Certificate
IssuerAmazon
Subjectlocalhost.run
FingerprintF1:75:EC:7E:A1:B7:8D:4D:AD:2E:95:4D:CE:91:BD:17:48:9C:30:3E
ValidityWed, 30 Aug 2023 00:00:00 GMT - Fri, 27 Sep 2024 23:59:59 GMT

File type
ASCII text
Size
1.7 kB (1733 bytes)
Hash
9d5b60375e39c5faa275418bfb2d6c63
06d37457be5982a22d8e80f9f29813c926014794
14af0c2374baf3d6dab5dcba0b09b9dde139f7e51d863903a73298bebdd11ff3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /styles.css HTTP/1.1
Host: 1fe743a4cb9712.lhr.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1fe743a4cb9712.lhr.life/index.html.php
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Host: 1fe743a4cb9712.lhr.life
Date: Wed, 08 May 2024 12:50:35 GMT
Connection: close
Content-Type: text/css; charset=UTF-8
Content-Length: 1733

fonts.googleapis.com/css2?family=Nunito:wght@500&display=swap

142.250.74.106

200 OK

1.0 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Nunito:wght@500&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://1fe743a4cb9712.lhr.life/index.html.php
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
gzip compressed data, max compression
Size
1.0 kB (1006 bytes)
Hash
976cae88460c0ace207401459f4309aa
7ad0c2a669b99ad25a5f2e231a3116bcb0ac5b6e
5e39c8957050428f4e58c3aa5bce3c6f9879bb9c4d1e1076ea17c577fc96ea54

HTTP Headers

GET /css2?family=Nunito:wght@500&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1fe743a4cb9712.lhr.life/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 08 May 2024 12:50:39 GMT
date: Wed, 08 May 2024 12:50:39 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/nunito/v26/XRXI3I6Li01BKofiOc5wtlZ2di8HDIkhdTQ3jw.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/nunito/v26/XRXI3I6Li01BKofiOc5wtlZ2di8HDIkhdTQ3jw.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://1fe743a4cb9712.lhr.life/index.html.php
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 16504, version 1.0
Size
16 kB (16504 bytes)
Hash
a946e54d310beb6b032582915ba20462
dc09d2ea8bf4388f17af428720200faa1f4eb56d
b14d0eb15d2c7bc6e9da3cd228a76ccd7c0e26d2d7d546a4fedc658b1586c5b4

HTTP Headers

GET /s/nunito/v26/XRXI3I6Li01BKofiOc5wtlZ2di8HDIkhdTQ3jw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1fe743a4cb9712.lhr.life
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 16504
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 05 May 2024 18:00:03 GMT
expires: Mon, 05 May 2025 18:00:03 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 14 Sep 2023 00:02:22 GMT
content-type: font/woff2
age: 240636
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

1fe743a4cb9712.lhr.life/images/favicon.ico

3.234.18.192

404 Not Found

551 B

URL GET HTTP/1.1
1fe743a4cb9712.lhr.life/images/favicon.ico
IP
3.234.18.192:443
ASN
#14618 AMAZON-AES

Requested by
https://1fe743a4cb9712.lhr.life/index.html.php
Certificate
IssuerAmazon
Subjectlocalhost.run
FingerprintF1:75:EC:7E:A1:B7:8D:4D:AD:2E:95:4D:CE:91:BD:17:48:9C:30:3E
ValidityWed, 30 Aug 2023 00:00:00 GMT - Fri, 27 Sep 2024 23:59:59 GMT

File type
HTML document, ASCII text
Size
551 B (551 bytes)
Hash
0951ff4a96b61d60d6f56ab81f0fe011
a01e652642cba56b3cb667251f1a49a8a05c5e4a
52f896486117534643975be4852f55cc0a079b23aaf1d65813d9b50102f28bfb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/favicon.ico HTTP/1.1
Host: 1fe743a4cb9712.lhr.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1fe743a4cb9712.lhr.life/index.html.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Host: 1fe743a4cb9712.lhr.life
Date: Wed, 08 May 2024 12:50:37 GMT
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 551

1fe743a4cb9712.lhr.life/

3.234.18.192

302 Found

3.6 kB

URL User Request GET HTTP/1.1
1fe743a4cb9712.lhr.life/
IP
3.234.18.192:443
ASN
#14618 AMAZON-AES

Certificate
IssuerAmazon
Subjectlocalhost.run
FingerprintF1:75:EC:7E:A1:B7:8D:4D:AD:2E:95:4D:CE:91:BD:17:48:9C:30:3E
ValidityWed, 30 Aug 2023 00:00:00 GMT - Fri, 27 Sep 2024 23:59:59 GMT

File type

Size
3.6 kB (3580 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: 1fe743a4cb9712.lhr.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Host: 1fe743a4cb9712.lhr.life
Date: Wed, 08 May 2024 12:50:32 GMT
Connection: close
X-Powered-By: PHP/8.3.6
Location: index.html.php
Content-type: text/html; charset=UTF-8

1fe743a4cb9712.lhr.life/recorder.js

3.234.18.192

200 OK

8.5 kB

URL GET HTTP/1.1
1fe743a4cb9712.lhr.life/recorder.js
IP
3.234.18.192:443
ASN
#14618 AMAZON-AES

Requested by
https://1fe743a4cb9712.lhr.life/index.html.php
Certificate
IssuerAmazon
Subjectlocalhost.run
FingerprintF1:75:EC:7E:A1:B7:8D:4D:AD:2E:95:4D:CE:91:BD:17:48:9C:30:3E
ValidityWed, 30 Aug 2023 00:00:00 GMT - Fri, 27 Sep 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (8732), with no line terminators
Size
8.5 kB (8535 bytes)
Hash
8daccedbc64a0d41c97f8c28fcb51253
b97e7f3498f074a4da31b32fd3506dfe6f3298a7
467c953acf53f8cc3025a3294932bd08fa35511ad3f9c96d6fd090f87eb78159

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /recorder.js HTTP/1.1
Host: 1fe743a4cb9712.lhr.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1fe743a4cb9712.lhr.life/index.html.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Host: 1fe743a4cb9712.lhr.life
Date: Wed, 08 May 2024 12:50:35 GMT
Connection: close
Content-Type: application/javascript
Content-Length: 8535

1fe743a4cb9712.lhr.life/favicon.ico

0.0.0.0

0 B

URL GET
1fe743a4cb9712.lhr.life/favicon.ico
IP
0.0.0.0:0
ASN
#0

Requested by
https://1fe743a4cb9712.lhr.life/index.html.php

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 1fe743a4cb9712.lhr.life
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1fe743a4cb9712.lhr.life/index.html.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (9)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML